Bret Hawnes Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM



------------------------
Amiga Virus Encyclopedia
Bret Hawnes Virus 
------------------------


===== Computer Virus Catalog 1.2: BRET HAWNES Virus (20-FEB-1993) ======
Entry...............: BRET HAWNES Virus
Alias(es)...........: ---
Virus Strain........: ---
Virus detected when.: ---
              where.: ---
Classification......: Link virus (directory type), resident
Length of Virus.....: 1. Length on storage medium:  2608 byte
                      2. Length in RAM:            12608 byte
--------------------- Preconditions ------------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/all, 1.2/all, 2.01/all
Computer model(s)...: all models
--------------------- Attributes ---------------------------------------
Easy Identification.: Identification by the following entry (hex) in
                         "startup-sequence" as first entry:
                         $C0,$A0,$E0,$A0,$C0 (invisible in most ASCII
                         editors)
Type of infection...: Self-identification method: virus is searching for
                         its internal name (5 bytes) as first entry
                         in "startup-sequence"
                      System infection: RAM resident, reset resident
Infection Trigger...: first use of OpenWindow after reset
Storage media affected: all DOS-devices
Interrupts hooked...: hardware-interrupt 3
Damage..............: Permanent damage: writes it's code to disk and
                         it himself into "startup-sequence"
                      Transient damage: system shutdown after displaying
                         "guess who`s back yep, bret hawnes blops
                          your screen",
                         "i`ve taken controll over your amiga !!!!",
                         "there`s only one cure: power off, reboot !!!"
Damage Trigger......: Permanent damage: first OpenWindow after reset
                      Transient damage: 10th infection or 60,000th
                         occurence of interrupt 3 after reset (on
                         PAL-AMIGAS approx. after 20 Minutes)
Particularities.....: Changes OpenLib, OpenWindow und CoolCapture
                         vector and uses KickTagPtr; has a format
                         routine (drive 0, tracks 35 to 45) called
                         every 10th infection that doesn`t seem to work
Similarities........: Colors Virus Carrier; same infection as Lamer
                         file viruses.
--------------------- Agents -------------------------------------------
Countermeasures.....: Virus Checker 6.19, VirusZ 3.00
Countermeasures successful: Virus Checker 6.19, VirusZ 3.00
Standard means......: VirusZ 3.00
--------------------- Acknowledgement ----------------------------------
Location............: Virus Test Center, University Hamburg, Germany
Classification by...: Karim Senoucci
Documentation by....: Karim Senoucci
Date................: 15-December-1992
Information Source..: Virus analysis
===================== End of BRET HAWNES Virus =========================

Antivirus removal...: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III with Xvs.library installed
 




Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk